﻿<?php
session_start();
require_once "config.php";
$chuthuong='abcdefghijklmnopqrstuvwxyz';
$chuhoa='ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$chuso='1234567890';
$chucai=$chuthuong.$chuhoa;

//define("DEBUG",TRUE);
?>
<html>
<head>
<title>Login</title>

</head>
<body>
<?php
if (isset($_POST['login'])) {
	$username=$_POST['username'];
	//$password=md5($_POST['password']);
	$password=($_POST['password']);
	$sql="select * from users where name='$username' and pass='$password' limit 1;";
	$result=mysql_query($sql) or die(mysql_error());
	if ($data=mysql_fetch_array($result)) {
		$_SESSION['name']=$username;
		$_SESSION['uid']=$data['id'];
		echo "Login successfully.";
		redirect("index.php",4);
	} else {
		echo "Wrong username or password!";
		redirect("?",4);
	}
} else if (isset($_SESSION['name'])) {
	echo "<a href='logout.php'>Logout First.</a>";
} else {
	echo "<form action='?' method='post'>";
	echo "Username: <input type='text' name='username'/>";
	echo "Password: <input type='password' name='password'>";
	echo "<input type='submit' name='login' value='Login'>";
	echo "</form>";
}
function retain($str,$kitu) {
	$len = strlen($str);
	$sret="";
	for ($i=0; $i<$len; $i++) {
		if (strpos($kitu,substr($str,$i,1))!==false) 
			$sret .= substr($str,$i,1);
	}
	return $sret;
}
function redirect($location, $delaytime = 0) {
    if ($delaytime>0) {    
        header( "refresh: $delaytime; url='".str_replace("&amp;", "&", $location)."'" );
    } else {
        header("Location: ".str_replace("&amp;", "&", $location));
    }    
}
?>

